Invention Grant
- Patent Title: System and method of determining malicious processes
- Application No.: US15171707
- Application Date: 2016-06-02
- Publication No.: US10439904B2
- Publication Date: 2019-10-08
- Inventor: Khawar Deen, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Rohit Chandra Prasad, Abhishek Ranjan Singh, Shih-Chun Chang
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: CISCO TECHNOLOGY, INC.
- Current Assignee: CISCO TECHNOLOGY, INC.
- Current Assignee Address: US CA San Jose
- Agency: Polsinelli PC
- Main IPC: G06F11/00
- IPC: G06F11/00 ; H04L12/26 ; H04L29/06 ; G06F9/455 ; G06N20/00 ; G06F16/29 ; G06F16/248 ; G06F16/28 ; G06F16/9535 ; G06F16/2457 ; H04L12/851 ; H04L12/24 ; H04W84/18 ; H04L29/08 ; G06F21/53 ; H04L12/723 ; G06F3/0484 ; H04L1/24 ; H04W72/08 ; H04L9/08 ; H04L9/32 ; H04J3/06 ; H04J3/14 ; H04L29/12 ; H04L12/813 ; H04L12/823 ; H04L12/801 ; H04L12/741 ; H04L12/833 ; H04L12/721 ; G06F3/0482 ; G06T11/20 ; H04L12/841 ; H04L12/725 ; H04L12/715 ; G06F21/55 ; G06F21/56 ; G06F16/16 ; G06F16/17 ; G06F16/11 ; G06F16/13 ; G06N99/00 ; G06F16/174 ; G06F16/23

Abstract:
Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. A method includes determining a lineage for a process within the network and then evaluating, through knowledge of the lineage, the source of the command that initiated the process. The method includes capturing data from a plurality of capture agents at different layers of a network, each capture agent of the plurality of capture agents configured to observe network activity at a particular location in the network, developing, based on the data, a lineage for a process associated with the network activity and, based on the lineage, identifying an anomaly within the network.
Public/Granted literature
- US20160357957A1 SYSTEM AND METHOD OF DETERMINING MALICIOUS PROCESSES Public/Granted day: 2016-12-08